This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.
Post
Rapid7
rapid7.com
did:plc:iau3flo7dfknwbk25zj223iq
Yesterday, CISA published an advisory on the exploitation of this unauthenticated path traversal vulnerability that can be chained with CVE-2024-57728, an authenticated arbitrary file upload, resulting in remote code execution.
Full analysis and IOCs on AttackerKB: r-7.co/4l2QKIh
2025-06-13T13:25:16.247Z